diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8f052fda..bfec3e25 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -55,7 +55,7 @@ def authenticate_if_needed
 # Disable this extra authentication in test mode
 return true if Rails.env.test?
 return true # any hint of basic auth will stop BL staff from accessing site so instead we open all the "private" demo sites
- if (is_hidden || is_staging) && !is_api_or_pdf
+ if (is_hidden || is_staging) && !is_api_or_pdf # rubocop:disable Lint/UnreachableCode
 authenticate_or_request_with_http_basic do |username, password|
 username == ENV.fetch("HYKU_DEMO_USER", "bl_demo_user") && password == ENV.fetch("HYKU_DEMO_PASSWORD", "resu_omed_lb")
 end
diff --git a/config/initializers/hyrax.rb b/config/initializers/hyrax.rb
index aafea048..c0ccba51 100644
--- a/config/initializers/hyrax.rb
+++ b/config/initializers/hyrax.rb
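Review bot: The trailing `# rubocop:disable Lint/UnreachableCode` on the `if` line silences the one automated signal that the HTTP basic-auth gate is dead code, since the unconditional `return true` on the line above it means hidden and staging sites are served with no credential check. If that bypass is deliberate, deleting the unreachable block (or putting the bypass behind an explicit setting) would state the intent more clearly than a lint suppression, and a comment such as `# NOTE: basic auth for hidden/staging sites is intentionally disabled; see <ticket placeholder>` would record why. Should the block ever be re-enabled, the literal fallbacks in `ENV.fetch("HYKU_DEMO_USER", "bl_demo_user")` and `ENV.fetch("HYKU_DEMO_PASSWORD", "resu_omed_lb")` would let a deployment with unset variables accept credentials that are published in the repository; `ENV.fetch("HYKU_DEMO_PASSWORD")` with no default fails closed instead. authenticate_if_needed begins and ends outside this hunk.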
@@ -230,3 +230,29 @@ def build_query_url(q)
 require 'hydra/derivatives'
 Hydra::Derivatives::Processors::Video::Processor.config.video_bitrate = '1500k'
+
+# Monkey patch Bulkrax so controlled URI validation allows http://thing.com/a/file/with/an/extension.html
+# not just http://thing.com/thing(|/)
+# Remove all the trailing slashes from authorities and remove from input if present rather than the inverse
+Bulkrax::ImportBehavior.module_eval do
+
+ # @param value [String] value to validate
+ # @param field [String] name of the controlled property
+ # @return [String, nil] validated URI value or nil
+ def validate_value(value, field)
+ if value.match?(::URI::DEFAULT_PARSER.make_regexp)
+ value = value.strip.chomp
+ # add trailing forward slash unless one is already present or there's an obvious file extension
+ value << '/' unless value.match?(%r{/$}) || value.match?(%r{/[^./]+\.[^./]+$})
+ end
+
+ valid = if active_id_for_authority?(value, field)
+ true
+ else
+ value.include?('https') ? value.sub!('https', 'http') : value.sub!('http', 'https')
+ active_id_for_authority?(value, field)
+ end
+
+ valid ? value : nil
+ end
+end
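Review bot: The scheme fallback in `validate_value` is not anchored to the start of the URI: `value.include?('https')` and `sub!('https', 'http')` act on the first occurrence anywhere in the string, so an `http://` URI whose host or path contains `https` has that later substring rewritten and the scheme left alone, and the altered string is what gets checked against the authority and returned. `sub!` also edits the caller's string in place whenever the URI branch above did not reassign `value`. I would swap only the leading scheme on a copy, as in the fence below. The same end-of-input concern applies to the slash test, where `$` matches before any embedded newline; `%r{/\z}` and `%r{/[^./]+\.[^./]+\z}` would pin both patterns to the real end of the value. The lead comment also says trailing slashes are removed while the code appends one, so one of the two should be corrected.

```ruby
  def validate_value(value, field)
    # … unchanged: URI detection and trailing-slash normalisation …

    return value if active_id_for_authority?(value, field)

    # Retry with the other scheme; touch only the leading scheme, on a copy.
    alternate =
      if value.start_with?('https://')
        value.sub(%r{\Ahttps://}, 'http://')
      else
        value.sub(%r{\Ahttp://}, 'https://')
      end
    active_id_for_authority?(alternate, field) ? alternate : nil
  end
```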